RADIUS dictionary format

A custom RADIUS dictionary can be uploaded. This file contains dictionary translations for parsing requests and generating responses. This section describes the format and syntax of such a dictionary file. The format is derived from the RADIUS 5 spec, dated July 1996.

All transactions are composed of attribute/value pairs. The value of each attribute is specified as one of these valid data types:

• hexadecimal: Hexadecimal string
• hex1, hex4:1- or 4-byte hexadecimal number
• string: 0-254 octets (includes null terminator)
• stringnz: 0-254 octets (without null terminator)
• ipv6addr: 16 octets in network byte order (per RFC-3162)
• ipv6prefix: 2-18 octets in network byte order (per RFC-3162)
• ipv6interface: 8 octets in network byte order (per RFC-3162)
• ipaddr: 4 octets in network byte order
• ipaddr-pool: IP address selected from an IP address pool
• ipxaddr-pool: IPX network number selected from an IPX address pool
• integer: 32 bit value in big endian order (high byte first)
• int1, int4: 1- or 4-byte decimal number (integer is equivalent to int4)
• time: 32 bit value in big endian order seconds since 00:00:00 GMT, Jan. 1, 1970

All attribute names and value names in the supplied RADIUS dictionary file are derived from the RADIUS spec by replacing all non-alphanumeric characters with dashes ('-').

The following rules apply to the creation and use of dictionaries:

• All comments begin with a '#' character in column 0 OR appear on an attribute or value line with "<white-space>#<white-space>" as the mandatory delimiter between dictionary data and comment text. This is a simple parser.
• All attribute (and attribute value) names and numeric codes must be unique within this dictionary.

• There are three meaningful line entry formats in the dictionary, one for vendor, one for attributes and one for attribute values:

  VENDOR_KEY VENDOR_NAME VENDOR_CODE [COMMENT_DELIMITER COMMENT_TEXT]

  ATTRIBUTE_KEY ATTRIBUTE_NAME ATTRIBUTE_CODE DATA_TYPE FLAGS [COMMENT_DELIMITER COMMENT_TEXT]

  VALUE_KEY ATTRIBUTE_NAME VALUE_NAME VALUE_CODE [COMMENT_DELIMITER COMMENT_TEXT]

• Legend for last column of an attribute entry:

  • c: indicates a single-valued attribute that is a candidate for inclusion in a user's check list
  • C : indicates a multi-valued attribute that is a candidate for inclusion in a user's check list
  • r: indicates a single-valued attribute that is a candidate for inclusion in a user's reply list
  • R: indicates a multi-valued attribute that is a candidate for inclusion in a user's reply list
  • o, O: ordered attribute, some attributes (e.g. Reply-Message) may need to be presented in a particular order to make sense.

Absence of any of {C,c,R,r} flags indicates an item that is neither a reply nor check list item (e.g. State, Proxy-State).

All FLAG characters on a given attribute line must be clustered together to parse properly (i.e. no white space is allowed between individual characters).

Source: http://www.juniper.net/techpubs/en_US/uac/topics/reference/general/uac-radius-dictionary-guidelines.html